[Git][security-tracker-team/security-tracker][master] bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Sep 5 16:00:41 BST 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3fe0d32f by Moritz Muehlenhoff at 2022-09-05T16:59:40+02:00
bullseye triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -4765,6 +4765,7 @@ CVE-2022-2735
- pcs 0.11.3-2 (bug #1018930)
NOTE: https://www.openwall.com/lists/oss-security/2022/09/01/4
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2116815
+ NOTE: https://github.com/ClusterLabs/pcs/commit/de068e2066e377d1cc77edf25aed0198e4c77f7b
CVE-2022-2734 (Improper Restriction of Rendered UI Layers or Frames in GitHub reposit ...)
NOT-FOR-US: OpenEMR
CVE-2022-2733 (Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/op ...)
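Review bot: The commit NOTE added under the pcs entry carries no upstream version annotation, while the gpac commit NOTEs in this same file end with the fixed release in parentheses, e.g. `(v2.0.0)`. If the upstream pcs release that contains de068e2066e3 is known, append it in the same form so the fixed version can be read from the entry without opening the commit.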
@@ -34918,24 +34919,28 @@ CVE-2022-27149
REJECTED
CVE-2022-27148 (GPAC mp4box 1.1.0-DEV-rev1663-g881c6a94a-master is vulnerable to Integ ...)
- gpac 2.0.0+dfsg1-2
- [buster] - gpac <end-of-life> (EOL in buster LTS)
+ [bullseye] - gpac <not-affected> (Vulnerable code not present)
+ [buster] - gpac <not-affected> (Vulnerable code not present)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2067
NOTE: https://github.com/gpac/gpac/commit/0cd19f4db70615d707e0e6202933c2ea0c1d36df (v2.0.0)
CVE-2022-27147 (GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a use-after-free v ...)
- gpac 2.0.0+dfsg1-2
+ [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2109
NOTE: https://github.com/gpac/gpac/commit/9723dd0955894f2cb7be13b94cf7a47f2754b893 (v2.0.0)
CVE-2022-27146 (GPAC mp4box 1.1.0-DEV-rev1759-geb2d1e6dd-has a heap-buffer-overflow vu ...)
- gpac 2.0.0+dfsg1-2
- [buster] - gpac <end-of-life> (EOL in buster LTS)
+ [bullseye] - gpac <not-affected> (Vulnerable code not present)
+ [buster] - gpac <not-affected> (Vulnerable code not present)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2120
NOTE: https://github.com/gpac/gpac/commit/f0a41d178a2dc5ac185506d9fa0b0a58356b16f7 (v2.0.0)
CVE-2022-27145 (GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a stack-overflow v ...)
- gpac 2.0.0+dfsg1-2
+ [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/commit/d7daa8aeb6df4b6c3ec102622e1599279310a19e (v2.0.0)
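Review bot: The `<not-affected> (Vulnerable code not present)` lines added for bullseye and buster under CVE-2022-27148 and CVE-2022-27146 come with no NOTE recording where the vulnerable code was introduced, so the claim cannot be verified from the entry itself. Consider adding a NOTE with the introducing commit or version under each of the two CVEs. In the same two entries the buster line moves from `<end-of-life>` to `<not-affected>` while `[stretch] - gpac <end-of-life>` is left as is; worth confirming that the older release was deliberately left untouched.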
=====================================
data/dsa-needed.txt
=====================================
@@ -33,6 +33,8 @@ netatalk
--
nodejs
--
+pcs (jmm)
+--
php-horde-mime-viewer
--
php-horde-turba
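Review bot: The new `pcs (jmm)` entry does not say which issue it is queued for. A short indented note under it naming the CVE (the pcs lines touched in data/CVE/list in this commit sit under CVE-2022-2735) would let someone reading dsa-needed.txt on its own see why the package is listed.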
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3fe0d32f5f72ecf42066838cdecbeec91194de30